diff --git a/scripts/include.am b/scripts/include.am index 0e1bffe52..1701ad97e 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -53,7 +53,7 @@ if BUILD_EXAMPLE_CLIENTS if !BUILD_IPV6 dist_noinst_SCRIPTS+= scripts/external.test dist_noinst_SCRIPTS+= scripts/google.test -#dist_noinst_SCRIPTS+= scripts/openssl.test +dist_noinst_SCRIPTS+= scripts/openssl.test endif endif diff --git a/scripts/openssl.test b/scripts/openssl.test index 8f068309c..f93f95dda 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -3,7 +3,15 @@ #openssl.test # need a unique port since may run the same time as testsuite -openssl_port=11114 +generate_port() { + openssl_port=`LC_CTYPE=C tr -cd 0-9 /dev/null + then + echo "s_server started successfully on port $openssl_port" + found_free_port=1 + break + else + #port already started, try a different port + counter=$((counter+ 1)) + generate_port + fi +done + +if [ $found_free_port = 0 ] +then + echo -e "Couldn't find free port for server" + do_cleanup + exit 1 +fi # get wolfssl ciphers wolf_ciphers=`./examples/client/client -e` @@ -99,7 +130,7 @@ if [ $server_ready = 0 ] then echo -e "Couldn't verify openssl server is running, timeout error" do_cleanup - exit -1 + exit 1 fi OIFS=$IFS # store old seperator to reset diff --git a/src/internal.c b/src/internal.c index 2efe5a537..c44a87001 100755 --- a/src/internal.c +++ b/src/internal.c @@ -3256,6 +3256,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->sessionSecretCb = NULL; ssl->sessionSecretCtx = NULL; #endif + +#ifdef HAVE_SESSION_TICKET + ssl->session.ticket = ssl->session.staticTicket; +#endif return 0; } @@ -3426,6 +3430,15 @@ void SSL_ResourceFree(WOLFSSL* ssl) #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS) FreeX509(&ssl->peerCert); #endif + +#ifdef HAVE_SESSION_TICKET + if (ssl->session.isDynamic) { + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + ssl->session.ticket = ssl->session.staticTicket; + ssl->session.isDynamic = 0; + ssl->session.ticketLen = 0; + } +#endif } #ifdef WOLFSSL_TI_HASH @@ -3563,6 +3576,16 @@ void FreeHandshakeResources(WOLFSSL* ssl) #ifdef HAVE_QSH QSH_FreeAll(ssl); #endif + +#ifdef HAVE_SESSION_TICKET + if (ssl->session.isDynamic) { + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + ssl->session.ticket = ssl->session.staticTicket; + ssl->session.isDynamic = 0; + ssl->session.ticketLen = 0; + } +#endif + } @@ -15183,12 +15206,30 @@ int DoSessionTicket(WOLFSSL* ssl, ato16(input + *inOutIdx, &length); *inOutIdx += OPAQUE16_LEN; - if (length > sizeof(ssl->session.ticket)) - return SESSION_TICKET_LEN_E; - if ((*inOutIdx - begin) + length > size) return BUFFER_ERROR; + if (length > sizeof(ssl->session.staticTicket)) { + /* Free old dynamic ticket if we already had one */ + if (ssl->session.isDynamic) + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + ssl->session.ticket = + (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + if (ssl->session.ticket == NULL) { + /* Set to static ticket to avoid null pointer error */ + ssl->session.ticket = ssl->session.staticTicket; + ssl->session.isDynamic = 0; + return MEMORY_E; + } + ssl->session.isDynamic = 1; + } else { + if(ssl->session.isDynamic) { + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + } + ssl->session.isDynamic = 0; + ssl->session.ticket = ssl->session.staticTicket; + } + /* If the received ticket including its length is greater than * a length value, the save it. Otherwise, don't save it. */ if (length > 0) { @@ -16846,7 +16887,7 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->options.resuming) { /* let's try */ int ret = -1; WOLFSSL_SESSION* session = GetSession(ssl, - ssl->arrays->masterSecret); + ssl->arrays->masterSecret, 1); #ifdef HAVE_SESSION_TICKET if (ssl->options.useTicket == 1) { session = &ssl->session; @@ -16861,9 +16902,6 @@ int DoSessionTicket(WOLFSSL* ssl, WOLFSSL_MSG("Unsupported cipher suite, OldClientHello"); return UNSUPPORTED_SUITE; } - #ifdef SESSION_CERTS - ssl->session = *session; /* restore session certs. */ - #endif ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); @@ -17241,7 +17279,7 @@ int DoSessionTicket(WOLFSSL* ssl, if (ssl->options.resuming) { int ret = -1; WOLFSSL_SESSION* session = GetSession(ssl, - ssl->arrays->masterSecret); + ssl->arrays->masterSecret, 1); #ifdef HAVE_SESSION_TICKET if (ssl->options.useTicket == 1) { session = &ssl->session; @@ -17257,9 +17295,6 @@ int DoSessionTicket(WOLFSSL* ssl, WOLFSSL_MSG("Unsupported cipher suite, ClientHello"); return UNSUPPORTED_SUITE; } - #ifdef SESSION_CERTS - ssl->session = *session; /* restore session certs. */ - #endif ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); diff --git a/src/sniffer.c b/src/sniffer.c index 4a9f18570..3194183ae 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1560,7 +1560,7 @@ static int ProcessServerHello(const byte* input, int* sslBytes, if (doResume ) { int ret = 0; SSL_SESSION* resume = GetSession(session->sslServer, - session->sslServer->arrays->masterSecret); + session->sslServer->arrays->masterSecret, 0); if (resume == NULL) { SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE); return -1; @@ -1825,7 +1825,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes, if (ret == 0 && session->flags.cached == 0) { if (session->sslServer->options.haveSessionId) { - WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL); + WOLFSSL_SESSION* sess = GetSession(session->sslServer, NULL, 0); if (sess == NULL) AddSession(session->sslServer); /* don't re add */ session->flags.cached = 1; diff --git a/src/ssl.c b/src/ssl.c index c083b9cf3..6f6c4f15f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1420,8 +1420,31 @@ WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, byte* buf, word32 bufSz) if (ssl == NULL || (buf == NULL && bufSz > 0)) return BAD_FUNC_ARG; - if (bufSz > 0) + if (bufSz > 0) { + /* Ticket will fit into static ticket */ + if(bufSz <= SESSION_TICKET_LEN) { + if (ssl->session.isDynamic) { + XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + ssl->session.isDynamic = 0; + ssl->session.ticket = ssl->session.staticTicket; + } + } else { /* Ticket requires dynamic ticket storage */ + if (ssl->session.ticketLen < bufSz) { /* is dyn buffer big enough */ + if(ssl->session.isDynamic) + XFREE(ssl->session.ticket, ssl->heap, + DYNAMIC_TYPE_SESSION_TICK); + ssl->session.ticket = XMALLOC(bufSz, ssl->heap, + DYNAMIC_TYPE_SESSION_TICK); + if(!ssl->session.ticket) { + ssl->session.ticket = ssl->session.staticTicket; + ssl->session.isDynamic = 0; + return MEMORY_ERROR; + } + ssl->session.isDynamic = 1; + } + } XMEMCPY(ssl->session.ticket, buf, bufSz); + } ssl->session.ticketLen = (word16)bufSz; return SSL_SUCCESS; @@ -5408,7 +5431,7 @@ WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl) { WOLFSSL_ENTER("SSL_get_session"); if (ssl) - return GetSession(ssl, 0); + return GetSession(ssl, 0, 0); return NULL; } @@ -7164,7 +7187,8 @@ WOLFSSL_SESSION* GetSessionClient(WOLFSSL* ssl, const byte* id, int len) #endif /* NO_CLIENT_CACHE */ -WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret) +WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret, + byte restoreSessionCerts) { WOLFSSL_SESSION* ret = 0; const byte* id = NULL; @@ -7173,6 +7197,8 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret) int count; int error = 0; + (void) restoreSessionCerts; + if (ssl->options.sessionCacheOff) return NULL; @@ -7220,6 +7246,17 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret) ret = current; if (masterSecret) XMEMCPY(masterSecret, current->masterSecret, SECRET_LEN); +#ifdef SESSION_CERTS + /* If set, we should copy the session certs into the ssl object + * from the session we are returning so we can resume */ + if (restoreSessionCerts) { + ssl->session.chain = ret->chain; + ssl->session.version = ret->version; + ssl->session.cipherSuite0 = ret->cipherSuite0; + ssl->session.cipherSuite = ret->cipherSuite; + } +#endif /* SESSION_CERTS */ + } else { WOLFSSL_MSG("Session timed out"); } @@ -7235,13 +7272,105 @@ WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret) } +int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom) +{ + WOLFSSL_SESSION* copyInto = &ssl->session; + void* tmpBuff = NULL; + int ticketLen; + int doDynamicCopy = 0; + int ret = SSL_SUCCESS; + + (void)ticketLen; + (void)doDynamicCopy; + (void)tmpBuff; + + if (!ssl || !copyFrom) + return BAD_FUNC_ARG; + +#ifdef HAVE_SESSION_TICKET + /* Free old dynamic ticket if we had one to avoid leak */ + if (copyInto->isDynamic) { + XFREE(copyInto->ticket, ssl->heap, DYNAMIC_TYPE_SESS_TICK); + copyInto->ticket = copyInto->staticTicket; + copyInto->isDynamic = 0; + } +#endif + + if (LockMutex(&session_mutex) != 0) + return BAD_MUTEX_E; + +#ifdef HAVE_SESSION_TICKET + /* Size of ticket to alloc if needed; Use later for alloc outside lock */ + doDynamicCopy = copyFrom->isDynamic; + ticketLen = copyFrom->ticketLen; +#endif + + *copyInto = *copyFrom; + + /* Default ticket to non dynamic. This will avoid crash if we fail below */ +#ifdef HAVE_SESSION_TICKET + copyInto->ticket = copyInto->staticTicket; + copyInto->isDynamic = 0; +#endif + + if (UnLockMutex(&session_mutex) != 0) { + return BAD_MUTEX_E; + } + +#ifdef HAVE_SESSION_TICKET + /* If doing dynamic copy, need to alloc outside lock, then inside a lock + * confirm the size still matches and memcpy */ + if (doDynamicCopy) { + tmpBuff = XMALLOC(ticketLen, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + if (!tmpBuff) + return MEMORY_ERROR; + + if (LockMutex(&session_mutex) != 0) { + XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESS_TICK); + return BAD_MUTEX_E; + } + + if (ticketLen != copyFrom->ticketLen) { + /* Another thread modified the ssl-> session ticket during alloc. + * Treat as error, since ticket different than when copy requested */ + ret = VAR_STATE_CHANGE_E; + } + + if (ret == SSL_SUCCESS) { + copyInto->ticket = tmpBuff; + copyInto->isDynamic = 1; + XMEMCPY(copyInto->ticket, copyFrom->ticket, ticketLen); + } + } else { + /* Need to ensure ticket pointer gets updated to own buffer + * and is not pointing to buff of session copied from */ + copyInto->ticket = copyInto->staticTicket; + } + + if (UnLockMutex(&session_mutex) != 0) { + if (ret == SSL_SUCCESS) + ret = BAD_MUTEX_E; + } + + if (ret != SSL_SUCCESS) { + /* cleanup */ + if (tmpBuff) + XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESS_TICK); + copyInto->ticket = copyInto->staticTicket; + copyInto->isDynamic = 0; + } +#endif /* HAVE_SESSION_TICKET */ + return ret; +} + + int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session) { if (ssl->options.sessionCacheOff) return SSL_FAILURE; if (LowResTimer() < (session->bornOn + session->timeout)) { - ssl->session = *session; + GetDeepCopySession(ssl, session); ssl->options.resuming = 1; #ifdef SESSION_CERTS @@ -7265,6 +7394,10 @@ int AddSession(WOLFSSL* ssl) { word32 row, idx; int error = 0; +#ifdef HAVE_SESSION_TICKET + byte* tmpBuff = NULL; + int ticLen = 0; +#endif if (ssl->options.sessionCacheOff) return 0; @@ -7283,8 +7416,23 @@ int AddSession(WOLFSSL* ssl) return error; } - if (LockMutex(&session_mutex) != 0) +#ifdef HAVE_SESSION_TICKET + ticLen = ssl->session.ticketLen; + /* Alloc Memory here so if Malloc fails can exit outside of lock */ + if(ticLen > SESSION_TICKET_LEN) { + tmpBuff = XMALLOC(ticLen, ssl->heap, + DYNAMIC_TYPE_SESSION_TICK); + if(!tmpBuff) + return MEMORY_E; + } +#endif + + if (LockMutex(&session_mutex) != 0) { +#ifdef HAVE_SESSION_TICKET + XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); +#endif return BAD_MUTEX_E; + } idx = SessionCache[row].nextIdx++; #ifdef SESSION_INDEX @@ -7301,52 +7449,93 @@ int AddSession(WOLFSSL* ssl) SessionCache[row].Sessions[idx].bornOn = LowResTimer(); #ifdef HAVE_SESSION_TICKET - SessionCache[row].Sessions[idx].ticketLen = ssl->session.ticketLen; - XMEMCPY(SessionCache[row].Sessions[idx].ticket, - ssl->session.ticket, ssl->session.ticketLen); + /* Check if another thread modified ticket since alloc */ + if (ticLen != ssl->session.ticketLen) { + error = VAR_STATE_CHANGE_E; + } + + if (error == 0) { + /* Cleanup cache row's old Dynamic buff if exists */ + if(SessionCache[row].Sessions[idx].isDynamic) { + XFREE(SessionCache[row].Sessions[idx].ticket, + ssl->heap, DYNAMIC_TYPE_SESS_TICK); + SessionCache[row].Sessions[idx].ticket = NULL; + } + + /* If too large to store in static buffer, use dyn buffer */ + if (ticLen > SESSION_TICKET_LEN) { + SessionCache[row].Sessions[idx].ticket = tmpBuff; + SessionCache[row].Sessions[idx].isDynamic = 1; + } else { + SessionCache[row].Sessions[idx].ticket = + SessionCache[row].Sessions[idx].staticTicket; + SessionCache[row].Sessions[idx].isDynamic = 0; + } + } + + if (error == 0) { + SessionCache[row].Sessions[idx].ticketLen = ticLen; + XMEMCPY(SessionCache[row].Sessions[idx].ticket, + ssl->session.ticket, ticLen); + } else { /* cleanup, reset state */ + SessionCache[row].Sessions[idx].ticket = + SessionCache[row].Sessions[idx].staticTicket; + SessionCache[row].Sessions[idx].isDynamic = 0; + SessionCache[row].Sessions[idx].ticketLen = 0; + if (tmpBuff) { + XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK); + tmpBuff = NULL; + } + } #endif #ifdef SESSION_CERTS - SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count; - XMEMCPY(SessionCache[row].Sessions[idx].chain.certs, - ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH); + if (error == 0) { + SessionCache[row].Sessions[idx].chain.count = ssl->session.chain.count; + XMEMCPY(SessionCache[row].Sessions[idx].chain.certs, + ssl->session.chain.certs, sizeof(x509_buffer) * MAX_CHAIN_DEPTH); - SessionCache[row].Sessions[idx].version = ssl->version; - SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0; - SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite; -#endif /* SESSION_CERTS */ - - SessionCache[row].totalCount++; - if (SessionCache[row].nextIdx == SESSIONS_PER_ROW) - SessionCache[row].nextIdx = 0; - -#ifndef NO_CLIENT_CACHE - if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) { - word32 clientRow, clientIdx; - - WOLFSSL_MSG("Adding client cache entry"); - - SessionCache[row].Sessions[idx].idLen = ssl->session.idLen; - XMEMCPY(SessionCache[row].Sessions[idx].serverID, ssl->session.serverID, - ssl->session.idLen); - - clientRow = HashSession(ssl->session.serverID, ssl->session.idLen, - &error) % SESSION_ROWS; - if (error != 0) { - WOLFSSL_MSG("Hash session failed"); - } else { - clientIdx = ClientCache[clientRow].nextIdx++; - - ClientCache[clientRow].Clients[clientIdx].serverRow = (word16)row; - ClientCache[clientRow].Clients[clientIdx].serverIdx = (word16)idx; - - ClientCache[clientRow].totalCount++; - if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW) - ClientCache[clientRow].nextIdx = 0; - } + SessionCache[row].Sessions[idx].version = ssl->version; + SessionCache[row].Sessions[idx].cipherSuite0 = ssl->options.cipherSuite0; + SessionCache[row].Sessions[idx].cipherSuite = ssl->options.cipherSuite; + } +#endif /* SESSION_CERTS */ + if (error == 0) { + SessionCache[row].totalCount++; + if (SessionCache[row].nextIdx == SESSIONS_PER_ROW) + SessionCache[row].nextIdx = 0; + } +#ifndef NO_CLIENT_CACHE + if (error == 0) { + if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) { + word32 clientRow, clientIdx; + + WOLFSSL_MSG("Adding client cache entry"); + + SessionCache[row].Sessions[idx].idLen = ssl->session.idLen; + XMEMCPY(SessionCache[row].Sessions[idx].serverID, + ssl->session.serverID, ssl->session.idLen); + + clientRow = HashSession(ssl->session.serverID, ssl->session.idLen, + &error) % SESSION_ROWS; + if (error != 0) { + WOLFSSL_MSG("Hash session failed"); + } else { + clientIdx = ClientCache[clientRow].nextIdx++; + + ClientCache[clientRow].Clients[clientIdx].serverRow = + (word16)row; + ClientCache[clientRow].Clients[clientIdx].serverIdx = + (word16)idx; + + ClientCache[clientRow].totalCount++; + if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW) + ClientCache[clientRow].nextIdx = 0; + } + } + else + SessionCache[row].Sessions[idx].idLen = 0; } - else - SessionCache[row].Sessions[idx].idLen = 0; #endif /* NO_CLIENT_CACHE */ #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) @@ -7578,10 +7767,12 @@ int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak, #else /* NO_SESSION_CACHE */ /* No session cache version */ -WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret) +WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret, + byte restoreSessionCerts) { (void)ssl; (void)masterSecret; + (void)restoreSessionCerts; return NULL; } diff --git a/src/tls.c b/src/tls.c index 3b6e0a879..b274e0932 100644 --- a/src/tls.c +++ b/src/tls.c @@ -3212,9 +3212,11 @@ int TLSX_UseSessionTicket(TLSX** extensions, SessionTicket* ticket) #define STK_GET_SIZE TLSX_SessionTicket_GetSize #define STK_WRITE TLSX_SessionTicket_Write #define STK_PARSE TLSX_SessionTicket_Parse +#define STK_FREE(stk) TLSX_SessionTicket_Free((SessionTicket*)stk) #else +#define STK_FREE(a) #define STK_VALIDATE_REQUEST(a) #define STK_GET_SIZE(a, b) 0 #define STK_WRITE(a, b, c) 0 @@ -3864,7 +3866,7 @@ void TLSX_FreeAll(TLSX* list) break; case TLSX_SESSION_TICKET: - /* Nothing to do. */ + STK_FREE(extension->data); break; case TLSX_QUANTUM_SAFE_HYBRID: diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index f38ee38e8..75b16b023 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -101,6 +101,9 @@ const char* wc_GetErrorString(int error) case MEMORY_E : return "out of memory error"; + case VAR_STATE_CHANGE_E : + return "Variable state modified by different thread"; + case RSA_WRONG_TYPE_E : return "RSA wrong block type for RSA function"; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 0c2a96846..c30c2beab 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2221,11 +2221,11 @@ struct WOLFSSL_X509_CHAIN { /* wolfSSL session type */ struct WOLFSSL_SESSION { - word32 bornOn; /* create time in seconds */ - word32 timeout; /* timeout in seconds */ - byte sessionID[ID_LEN]; /* id for protocol */ - byte sessionIDSz; - byte masterSecret[SECRET_LEN]; /* stored secret */ + word32 bornOn; /* create time in seconds */ + word32 timeout; /* timeout in seconds */ + byte sessionID[ID_LEN]; /* id for protocol */ + byte sessionIDSz; + byte masterSecret[SECRET_LEN]; /* stored secret */ #ifdef SESSION_CERTS WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */ ProtocolVersion version; /* which version was used */ @@ -2233,21 +2233,23 @@ struct WOLFSSL_SESSION { byte cipherSuite; /* 2nd byte, actual suite */ #endif #ifndef NO_CLIENT_CACHE - word16 idLen; /* serverID length */ - byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ + word16 idLen; /* serverID length */ + byte serverID[SERVER_ID_LEN]; /* for easier client lookup */ #endif #ifdef HAVE_SESSION_TICKET - word16 ticketLen; - byte ticket[SESSION_TICKET_LEN]; + byte* ticket; + word16 ticketLen; + byte staticTicket[SESSION_TICKET_LEN]; + byte isDynamic; #endif #ifdef HAVE_STUNNEL - void* ex_data[MAX_EX_DATA]; + void* ex_data[MAX_EX_DATA]; #endif }; WOLFSSL_LOCAL -WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*); +WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte); WOLFSSL_LOCAL int SetSession(WOLFSSL*, WOLFSSL_SESSION*); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 21c11a4aa..2d0315167 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -301,6 +301,7 @@ WOLFSSL_API void wolfSSL_set_quiet_shutdown(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_error(WOLFSSL*, int); WOLFSSL_API int wolfSSL_get_alert_history(WOLFSSL*, WOLFSSL_ALERT_HISTORY *); +WOLFSSL_API int GetDeepCopySession(WOLFSSL*, WOLFSSL_SESSION*); WOLFSSL_API int wolfSSL_set_session(WOLFSSL* ssl,WOLFSSL_SESSION* session); WOLFSSL_API long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* session, long t); WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl); diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 0be438d3c..56c6ed8b9 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -59,6 +59,8 @@ enum { MP_ZERO_E = -121, /* got a mp zero result, not expected */ MEMORY_E = -125, /* out of memory error */ + VAR_STATE_CHANGE_E = -126, /* var state modified by different thread */ + RSA_WRONG_TYPE_E = -130, /* RSA wrong block type for RSA function */ RSA_BUFFER_E = -131, /* RSA buffer error, output too small or diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 42d442f8a..9a76e0b6e 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -316,7 +316,8 @@ DYNAMIC_TYPE_X509_CTX = 53, DYNAMIC_TYPE_URL = 54, DYNAMIC_TYPE_DTLS_FRAG = 55, - DYNAMIC_TYPE_DTLS_BUFFER = 56 + DYNAMIC_TYPE_DTLS_BUFFER = 56, + DYNAMIC_TYPE_SESSION_TICK = 57 }; /* max error buffer string size */